
I believe I have a redirect virus/maybe something else too.


  • This topic is locked
32 replies to this topic

#21 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 07 June 2012 - 06:20 PM

I have W7 but really don't use it...I mainly use XP pro.

Run RogueKiller again and post the log.............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#22 Aldiirn

Aldiirn

    New Member

  • Members
  • Pip
  • 19 posts

Posted 07 June 2012 - 06:32 PM

Ah, sorry, I don't mean to keep sucking up your time. I see that there are a few Best Buy things in there, can I safely remove those? I made a different user account with administrative rights and it solved the systempropertiesprotection.exe thing. (And this Best Buy thing posts itself in my taskbar, startup and desktop, don't want that.) Although I don't know how to run CMD with administration rights so I can do the sfc /scannow command that Windows support suggested.


RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Dustin Bechtel [Admin rights]
Mode: Scan -- Date: 06/07/2012 19:30:02
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 4f4bd665ff46c263e84119abadf61f5d
[BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 693400 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

#23 MrCharlie

Posted 07 June 2012 - 06:38 PM

Under the Registry tab put a check next to this one and uncheck the rest
Then click delete on the right hand column:


[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED


MrC


#24 Aldiirn

Posted 07 June 2012 - 06:45 PM

Why does

[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED


not show up in the RogueKiller window, but show up in the result notepad?

#25 MrCharlie

Posted 07 June 2012 - 07:11 PM

OK, it's saying that the key isn't accessible.

Turn off UAC and see if that makes a difference:


http://www.howtogeek...-windows-vista/

MrC


#26 Aldiirn

Posted 07 June 2012 - 07:18 PM

Okay, I disabled UAC and rebooted. Results changed...

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Dustin Bechtel [Admin rights]
Mode: Scan -- Date: 06/07/2012 20:17:19
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 4f4bd665ff46c263e84119abadf61f5d
[BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 693400 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
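
Added example (not part of the thread and not RogueKiller's own code): a short Python diff of the Registry Entries sections from the two reports posted in #22 and #26, showing which findings appeared, disappeared or persisted once UAC was turned off. The line format is inferred only from those two logs, and the function names are this example's own.

```python
import re

# Line shape inferred from the two logs on this page (an assumption, not a
# documented format): [TAG] location : value -> STATUS
ENTRY = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<loc>.+?)\s+:\s+(?P<val>.+?)\s+->\s+(?P<status>.+)$")

# Registry Entries section copied from the report in post #22 (UAC on).
SCAN_UAC_ON = r"""
[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# Registry Entries section copied from the report in post #26 (UAC off).
SCAN_UAC_OFF = r"""
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

def parse(report):
    """Return the set of (tag, location, value, status) findings in a report."""
    found = set()
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # headers, blank lines and MBR lines do not match and are skipped
            found.add(m.group("tag", "loc", "val", "status"))
    return found

def diff(before, after):
    """Split findings into those new in `after`, gone from it, and kept."""
    b, a = parse(before), parse(after)
    return {"new": sorted(a - b), "gone": sorted(b - a), "kept": sorted(a & b)}

def uac_findings(report):
    """[HJ] entries where the scan flags the UAC settings as set to 0."""
    names = ("EnableLUA (0)", "ConsentPromptBehaviorAdmin (0)")
    return sorted(v for t, _, v, _ in parse(report) if t == "HJ" and v in names)

if __name__ == "__main__":
    for kind, items in diff(SCAN_UAC_ON, SCAN_UAC_OFF).items():
        for tag, loc, val, status in items:
            print(f"{kind:5} [{tag}] {loc} : {val} -> {status}")
```

The diff shows the ACCESS DENIED entry unchanged between the two scans, while the second scan reports the two UAC settings as new [HJ] findings.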

#27 Aldiirn

Posted 07 June 2012 - 07:33 PM

Alright Mr.C, I have been playing around a bit and my computer seems functional like it was originally.. No redirects.. it's not slow anymore.. Everything seems normal.. Thank you so very much for your time and help.. (Eureka to knowing how to bypass the admin rules on W7 too now, I didn't know disabling UAC was there and would solve that if I need it)

#28 MrCharlie

Posted 07 June 2012 - 07:34 PM

I didn't mean RogueKiller, I meant to try system restore and see if that problem still happens.

MrC


#29 Aldiirn

Posted 07 June 2012 - 07:43 PM

Nope, I can access my system restore properties without prompts now, as well as run CMD prompt as admin to do the test Win7 support suggested.

So all-in-all as far as I can tell I am clean.. :lol:

#30 MrCharlie

Posted 07 June 2012 - 07:49 PM

So you're OK now??? MrC


#31 Aldiirn

Posted 07 June 2012 - 07:56 PM

Yea I believe so

Much appreciated

#32 MrCharlie

Posted 07 June 2012 - 08:07 PM

OK...Take care, MrC


#33 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 08 June 2012 - 06:41 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
